This is active in Ukraine and parts of the Middle East and Turkey. Patches have been made already, so this is for those folks not updating and/or visiting sites harboring this malware. #Wateringhole #oneclick #darksword
@lorenzofb https://infosec.exchange/@lorenzofb/116280446350973820
SCOOP: Someone has found new samples of the iPhone spyware DarkSword and published them on GitHub, putting millions of iOS users at risk. A cybersecurity researcher told us that the leaked spyware is "way too easy to repurpose" and "we need to expect criminals and others to start deploying this." "The exploits will work out of the box," iVerify's Matthias Frielingsdorf said. "There is no iOS expertise required." http://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/
"Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO, a highly obfuscated first-stage downloader used to establish persistent access to victim networks.
While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting organizations in Taiwan. This includes the repeated compromise of a regional digital marketing firm to execute supply chain attacks and the use of targeted phishing campaigns.
This report provides a technical analysis of the BADAUDIO malware, details the evolution of APT24's delivery mechanisms from 2022 to present, and offers actionable intelligence to help defenders detect and mitigate this persistent threat.
As part of our efforts to combat serious threat actors, GTIG uses the results of our research to improve the safety and security of Google’s products and users. Upon discovery, all identified websites, domains, and files are added to the Safe Browsing blocklist in order to protect web users across major browsers. We also conducted a series of victim notifications with technical details to compromised sites, enabling affected organizations to secure their sites and prevent future infections."
https://cloud.google.com/blog/topics/threat-intelligence/apt24-pivot-to-multi-vector-attacks
#CyberSecurity #China #WateringHole #APT24 #Badaudio #Phishing #Taiwan #MultiVectorAttacks
@ansuz writes about #SupplyChain / #WateringHole attacks:
"...check if you have a business relationship with the organization from which that component was sourced. If you do not, then it's not a supply chain attack because that software component did not come from a supplier"
the third place...
#thirdplace #wateringhole #options #community #publiclibrary
Day 6 of #30DaysWild
Very little time to spare today, so I haven't managed to get outdoors. I have been thinking about #nature though; more specifically, how best to support my #hedgehog visitor(s).
I'm going to go through the older crockery & those plant pots that moved home with me, and set up a mini #wildlife #wateringhole :)
Y'all gotta drink!
On March 5, AhnLab SEcurity intelligence Center (ASEC) found a post recruiting students for a unification-related course, which included a link to download a malicious HWP document. At the time of analysis, there were download links for JPG, HWP, and DOC files at the bottom of the post. The HWP file among them was identified […]